Become a fan of Slashdot on Facebook


Forgot your password?

Comment Re:Privacy Concerns (Score 2) 244

Remember - we're comparing IPv4 with NAT against IPv6.

Yes the ISP allocates the IPv6 prefix, but then again with NAT every source packet has the same IPv4 address. The real difference is that with IPv6 every single request can be given a different source address. If the source addresses are picked randomly from the /64 pool then it should be impossible to identify individual hosts within the /64 based solely on IP address information. As you rightly point out there are other effective ways of doing this already, but that's not an argument against using IPv6.

Comment Re:Privacy Concerns (Score 4, Interesting) 244

I've never understood this concern. With IPv6 I have, say, 2^64 addresses to use. I could use a different source IP address for each and every HTTP request I send out. Even at 1000 requests a second we'll all be long dead before you had to reuse a source address.

IPv6 gives you loads of room to hide. This is my concern - address based blocklists will quickly become infeasible.

Comment Re:We don't need this law! (Score 5, Insightful) 199

Facebook are willing to sue. They don't want people to do this either. It devalues their service (even if the users are the "product", they still need to provide something of value to attract users).

Facebook probably wants to be able to charge companies for access to potential employees' data

Comment Re:What? (Score 2) 152

CRLs are revocation lists which used to be published by CAs and clients were able to periodically download.

As a concept they were replaced with OCSP (online certificate status protocol). Here the client requests the current status of a certificate each time they are presented with it. The idea was that it would be more timely and up to date and meant CAs didn't need to publish a complete list of revoked certificates.

Now it seems Chrome wants to go back to a bodged version of the old way of doing things where Chrome periodically requests the CRL from the browser vendor or Chrome is periodically updated with the latest CRL?

Comment Re:Bah CA's (Score 1) 87

The CAs never see the private key material. When you apply for a certificate, you generate the private key and a certificate signing request (CSR). It's the CSR which gets sent to the CA to sign, not the private key. All the CA has a copy of is the CSR and certificate, which is public knowledge anyway.

Comment Re:Idiotic, that's what OS's do (Score 4, Insightful) 330

Virtualisation is, in many ways, trying to do what the OS should already be doing, namely isolation between processes (though protected memory), providing an abstraction layer for the hardware (though drivers) and allocating resources (through the CPU/IO schedulers).

Unfortunately, a certain OS has been so bad at doing this (historically) that people turn to virtualisation and you end up with a form of inner-platform effect. We have Linux implementing the virtio drivers to interface with the hypervisor which implements real drivers to talk to the real hardware. We have the guest's scheduler trying to manage "virtual CPUs" without any real information about what resources are actually available. We have hypervisors trying to re-implement copy-on-write for memory pages that the OS already does out-of-the-box.

Virtualisation is used as a "one size fits all" sledgehammer, often where it isn't the appropriate solution.

Slashdot Top Deals

Nobody said computers were going to be polite.